<?php
/*------------------------------------------------------------------------------ 
    Create Date :
    Author    : 
    Copyright(c) 2010 A.D.A Solution. All rights reserved
        
    ------------------------------------------------------------------------------
    Update History:
    Ver.    TRB#             Date          Author       Note
    3.0     coding standard  2010/09/06    QuocBao     Review code,update comment for source
    
------------------------------------------------------------------------------*/

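    // Login module: authenticates a user from the submitted login form or from
    // the "remember me" cookies, then fills $_SESSION and redirects.
    // When no login is attempted it only prepares $userDisplay, $passDisplay,
    // $rememberDisplay and $autoDisplay from the cookies.

    // Refuse direct requests: IN_ADAGPS is presumably defined by the entry
    // script that includes this file.
    if(!defined('IN_ADAGPS'))
    {
        die(SYSTEM_ACCESS_DENIED);
    }
    //=======================================================
    global $objTemplate, $arrConfig,$objDbSelect,$objDbUpdate,$maxNoActivity;

    // 'login' when the login form was submitted; anything else means no form login.
    $sHideMethod = isset($_POST['hide_method']) ? $_POST['hide_method'] : 'none';

    // Remember-me state sent by the browser. A request can supply arrays
    // (e.g. "adagps_user[]=x"), so anything that is not a string is treated as absent.
    $cookie_user = (isset($_COOKIE['adagps_user']) && is_string($_COOKIE['adagps_user'])) ? $_COOKIE['adagps_user'] : '';
    $cookie_pass = (isset($_COOKIE['adagps_pass']) && is_string($_COOKIE['adagps_pass'])) ? $_COOKIE['adagps_pass'] : '';
    $cookie_auto = (isset($_COOKIE['adagps_auto']) && is_string($_COOKIE['adagps_auto'])) ? $_COOKIE['adagps_auto'] : '';
    $cookie_remember = (isset($_COOKIE['adagps_remember']) && is_string($_COOKIE['adagps_remember'])) ? $_COOKIE['adagps_remember'] : '';
    $cookie_flag = (isset($_COOKIE['adagps_flag']) && is_string($_COOKIE['adagps_flag'])) ? $_COOKIE['adagps_flag'] : '';

    // Values used to pre-fill the login form (consumed outside this block).
    $userDisplay = '';
    $passDisplay = '';
    $rememberDisplay = 0;
    $autoDisplay = 0;

    // Cookie expiry: 3600*30 seconds, i.e. 30 hours from now.
    $timeSave = time()+3600*30;

    // Authenticate on a form submit, or automatically when the cookies carry
    // credentials with auto-login enabled and the flag cookie set to 1.
    if($sHideMethod == 'login'||($cookie_user!='' && $cookie_pass!='' && $cookie_auto==1&&$cookie_flag==1))
    {
        // Form fields take precedence; the cookie values are the fallback.
        $sUserNameRaw = isset($_POST['txtUserNameLogin']) ? $_POST['txtUserNameLogin'] : $cookie_user;
        $sPassRaw = isset($_POST['txtPasswordLogin']) ? $_POST['txtPasswordLogin'] : $cookie_pass;

        // Array-valued fields are not valid credentials; reject them before
        // they reach the escaping, hashing or cookie code.
        if(!is_string($sUserNameRaw) || !is_string($sPassRaw))
        {
            setcookie('adagps_flag',0,$timeSave,'','',false,true);
            MsgBox1(ERR_USER_INVALID);
            Redirect(ROOTURL.'?m=login');
            exit();
        }

        // Escape special characters in the user name.
        $sUserName = MyAddSlashes($sUserNameRaw);

        // The password is transformed by EncryptPass() and compared in SQL.
        // NOTE(review): EncryptPass() is defined elsewhere; whether it is a
        // salted, slow password hash cannot be seen from this file - verify.
        $sPassEn = MyAddSlashes(EncryptPass($sPassRaw));

        // NOTE(review): the statement is built by string interpolation and
        // depends entirely on MyAddSlashes() for quoting. Escaping is only as
        // safe as that helper and the connection character set; if the class
        // behind $objDbSelect supports bound parameters, use them here.
        // NOTE(review): $sys_active is neither assigned in this file nor named
        // in the global statement above, and it is interpolated unquoted -
        // confirm it is in scope and always an integer.
        $sSqlString =  "select u.*,h.hotel_name,h.id as hotel_id from tbl_user as u left join tbl_service as h on u.hotel_id = h.id WHERE u.username = '$sUserName' and u.pass = '$sPassEn' and u.active = $sys_active";
        $rsResult = $objDbSelect->GetArray($sSqlString);

        if(!is_array($rsResult))
        {
            // The query itself failed.
            MsgBox1(CONNECT_DB_ERR);
            Redirect(ROOTURL.'?m=login');
            exit();
        }
        elseif(count($rsResult)==0)
        {
            // No active user matches these credentials. Resetting the flag
            // cookie stops the cookie-based login from being retried.
            setcookie('adagps_flag',0,$timeSave,'','',false,true);
            MsgBox1(ERR_USER_INVALID);
            Redirect(ROOTURL.'?m=login');
            exit();
        }
        else
        {
            // Remember-password / auto-login handling.
            if($sHideMethod == 'login'){
                // On a form login the checkboxes decide the new cookie state.
                $cookie_auto = isset($_POST['chkAutoLogin'])?1:0;
                $cookie_remember = isset($_POST['chkRemember'])?1:0;
                if($cookie_auto==1||$cookie_remember==1){
                    $cookie_user = $sUserNameRaw;
                    $cookie_pass = $sPassRaw;
                    $cookie_flag = $cookie_remember;
                }else{
                    $cookie_user = '';
                    $cookie_pass = '';
                }
            }
            if($cookie_remember==1){
                // NOTE(review): this stores the clear-text password in the
                // browser. Replacing it with a random token whose hash is kept
                // server-side needs a schema change and is not done here.
                // HttpOnly keeps page scripts from reading these cookies; the
                // Secure flag should also be set if the site is served over
                // HTTPS (cannot be determined from this file).
                setcookie('adagps_flag',$cookie_flag,$timeSave,'','',false,true);
                setcookie('adagps_user',$cookie_user,$timeSave,'','',false,true);
                setcookie('adagps_pass',$cookie_pass,$timeSave,'','',false,true);
                setcookie('adagps_auto',$cookie_auto,$timeSave,'','',false,true);
                setcookie('adagps_remember',$cookie_remember,$timeSave,'','',false,true);
            }elseif($sHideMethod == 'login'){
                // The user signed in with "remember" unticked: expire any
                // credentials stored by an earlier login instead of leaving
                // them (and auto-login) active in the browser.
                $timeExpired = time()-3600;
                foreach(array('adagps_flag','adagps_user','adagps_pass','adagps_auto','adagps_remember') as $sCookieName){
                    setcookie($sCookieName,'',$timeExpired,'','',false,true);
                }
            }

            // Issue a fresh session id before marking the session as
            // authenticated, so an id known before login cannot be reused.
            if(session_id() !== ''){
                session_regenerate_id(true);
            }

            // Register the session variables for the signed-in user.
            $_SESSION['islogin']=1;
            $_SESSION['current']['user_id']  =  $rsResult[0]['id'];
            $_SESSION['current']['user_name']  =  $rsResult[0]['username'];
            $_SESSION['current']['power_type_id']  =  $rsResult[0]['power_type_id'];
            $_SESSION['current']['power_id']  =  $rsResult[0]['power_id'];
            $_SESSION['current']['hotel_id']  =  $rsResult[0]['hotel_id'];
            $_SESSION['current']['hotel_name']  =  $rsResult[0]['hotel_name'];

            // 'root' holds a second copy of the identity fields.
            $_SESSION['root']['user_id']  =  $rsResult[0]['id'];
            $_SESSION['root']['user_name']  =  $rsResult[0]['username'];
            $_SESSION['root']['power_type_id']  =  $rsResult[0]['power_type_id'];
            $_SESSION['root']['power_id']  =  $rsResult[0]['power_id'];

            Redirect('index.php?m=default') ;

        }

    }elseif($cookie_remember==1){
        // No login attempt: expose the remembered values for the login form.
        // NOTE(review): $passDisplay carries the stored clear-text password;
        // whatever renders it must HTML-escape it.
        $userDisplay = $cookie_user;
        $passDisplay = $cookie_pass;
        $rememberDisplay = $cookie_remember;
        $autoDisplay = $cookie_auto;
    }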
    
